
Ways of Securing your website & Computer

Credits to sources off the web

Use Open Source Scripts

Unless you know what you are doing or have a well-versed development team on your payroll, it is a great idea to use open source scripts. Open source scripts like WordPress & Joomla are feature rich, powerful and are backed by thousands of coders for updates & support. This avoids websites falling prey to hackers & spammers due to poorly written code. Instead of building from scratch, you can use the existing scripts and modify them to your liking. Commercial scripts from reputed companies can also be deployed if they issue updates & patches regularly.

Update Constantly

New features or not, upgrade to newer versions of scripts as soon as they are released. Point upgrades mostly fix bugs in the script and are as important as a full version upgrade. If you are not sure whether the new update will break your customization, ask in the support forums, and do not wait until your customization is fixed before applying an update.

Use Strong Passwords

Passwords like “loveydovey123”, “unicornlover” are definitely not cute and it is absolutely reckless to even consider using them. Your password does not have to reflect your “inner persona”, as passwords are supposed to keep things safe. Use a combination of letters, numbers and special characters and make sure they are at least 10 characters long. Apps like LastPass, KeePass etc. can help you generate strong passwords and store them as well.

Restrict Root Access

Be it FTP or database, never give root access to everyone willy-nilly. Restrict access to certain non-system folders in the case of FTP uploads by people other than the system administrator.

Ensure the presence of .htaccess file

.htaccess files are often used to specify the security restrictions for a particular directory, so make sure the file is there in the first place and that you have not deleted it by accident.

Use security plugins

Mature platforms always have plugins to extend the core functionality of the script. Look for plugins that add an extra layer of security and install them. For example, the WP Security Scan plugin checks if most of the steps I have mentioned above have been implemented properly in a WordPress installation.

Stay away from Nulled Scripts & Themes

Piracy of commercial scripts and paid themes is the easiest among all other forms of piracy. Smaller file sizes and the absence of version-specific keygens, cumbersome daemons, DLL patches & cracks make it a cakewalk to pirate a script rather than software or a PC game.

However, unlike pirated desktop software, where hidden malware is removed by the antivirus software, there is no way you can escape the backdoor added to the codebase. Even for a seasoned programmer, it is impossible to go through thousands of lines of code to check if the script is free of backdoors.

A nulled script or theme with a backdoor ensures that the hacker peddling it in the first place has gotten himself a free server to spam people with mails promising to enhance things that cannot be enhanced. If you are lucky, your website might not be used for anti-government propaganda or for distributing child pornography. Unless you so love orange jumpsuits or, better yet, would love to go on an all-expenses-paid trip to a certain facility in Cuba, stay away from nulled scripts. Nulled scripts hurt the pirate worse than the developer. Enough said.

When it comes to security online, there are always an infinite number of ways to protect a website. Share with us the tips & tricks you use to protect your website by leaving a comment. They will always trick you into getting something free, but then you won't realise and there will be a hidden virus.

Change File & Folder Permissions

Some scripts require full read & write access during installation. This can be achieved by using the 777 code on vital folders like config, admin etc. Once installation is done, revert the file permissions back to their original code, say 755 or 644. A file or folder with full read/write code gives easy access to inject malicious code into your website.

Delete the Installation Folder

Once the installation is done, there is no use for the installer folder in the day-to-day operations of a website. It is very much possible for a hacker to run the installer once again, empty the database and take control of the website & its content. Ideally, it is strongly advised to delete the folder once the installation is complete, but if you know your way around the web server, you can also opt to rename the folder.
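The permission, installer-folder and .htaccess checks described above can be scripted. The following is an added example, not part of the original post; the installer folder names it searches for and the web root path in the usage comment are assumptions to adjust for your own script.

```shell
#!/bin/sh
# Added example: audit a web root after installing a CMS.

# List files and directories that any user on the server can write to
# (777, 666 and similar). Symlinks are skipped on purpose.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# List installer directories left behind (folder names are assumed).
leftover_installers() {
    find "$1" -type d \( -iname install -o -iname installation \
        -o -iname installer \) -print | sort
}

# Put world-writable entries back to the values named in the text:
# 755 for directories, 644 for files.
reset_permissions() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Print a report; exit status 0 only when nothing needs attention.
audit_webroot() {
    audit_root=$1
    audit_ww=$(world_writable "$audit_root")
    audit_inst=$(leftover_installers "$audit_root")
    audit_ok=0
    if [ -n "$audit_ww" ]; then
        printf 'World-writable:\n%s\n' "$audit_ww"; audit_ok=1
    fi
    if [ -n "$audit_inst" ]; then
        printf 'Installer folder present:\n%s\n' "$audit_inst"; audit_ok=1
    fi
    if [ ! -f "$audit_root/.htaccess" ]; then
        printf 'No .htaccess in %s\n' "$audit_root"; audit_ok=1
    fi
    return "$audit_ok"
}

# Usage: sh audit.sh /var/www/html   (example path)
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Run the audit first and read the report before calling `reset_permissions`, since some scripts legitimately need a writable upload or cache folder.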

Add a Database Table Prefix

If you are using a CMS, blog or forum script, change the default database table prefix. For example, in the case of WordPress, the default database table prefix is “wp”. So if a brilliant hacker finds a way to extract data from a database, default table prefixes will leave you a sitting duck.

Password protect the Database

Many scripts do not make it mandatory to enter a database password, and leaving it empty will still get the script installed. An empty password is a criminal waste of an additional layer of security. Database passwords do not slow down the website when querying the database, so there is absolutely no reason not to have one.

Secure Admin Email Address

Keep the admin email address used to log in to your webserver, CMS, database etc. away from the public eye. Use a totally different address on your contact page. This will help you avoid being scammed by a phishing email disguised to have been sent by your hosting company or domain registrar.

Avoid trojans, viruses & other hacking tools

Always run a security scan before downloading from the web. Use programs such as McAfee and AVG to check for these, and remember to always update them when there's a new version so it's safer.

Don't leave your computer running

Never go away from your computer for a reasonable amount of time, as you might not see what's happening but hackers can still get on if you leave it running, and then it will be too late for you. Also, co-workers may go on your computer and steal work or passwords, install a keylogger etc. if it is left unattended in the office.